Security domain casche dosn't respect infinispan settings --------------------------------------------------------- Key: WFLY-7096 URL: https://issues.jboss.org/browse/WFLY-7096 Project: WildFly Issue Type: Bug Components: Security Affects Versions: 10.0.0.Final, 10.1.0.Final Environment: Tested on Windows 7 Reporter: Marcin Fatyga Assignee: Darran Lofthouse Attachments: patch.txt, standalone.xml, test_webapp.zip In securitydomain we can set "casche-type" to infinispan. Auntentication request ara now stored in infinispan casch, but any settings of this casche (configured in infinispan subsystem) are not applied. Casche is always stored in memory and never expiries. This is serious security issue because after first authentication request credentials, will never be verified again.